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DETAILED ACTION 

1 . Claims 1 -54 are pending. 

Election/Restrictions 

2. Claims 9-17, 26-34, 42-46, and 55-64 are withdrawn from further consideration 
pursuant to 37 CFR 1.142(b), as being drawn to a nonelected invention, there being no 
allowable generic or linking claim. Applicant timely traversed the restriction (election) 
requirement in the reply filed on 6 March 2007. 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1-5, 7-8, 18-22, 24-25, 47-51, and 53-54 are rejected under 35 U.S.C. 
103(a) as being unpatentable over England US Patent No. 6,757,824 in view of Kozen 
"Efficient Code Certification." 

4. With regards to claims 1, 18, and 47, England teaches verifying security of a 
boot code associated with a peripheral device by performing a security check on the 
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boot code in accordance with a certificate (England, column 7 lines 18-46, component 
certificate associated with device driver is verified) and executing the boot code based 
on a result of the security check (England, column 9 lines 50-55, component is loaded if 
rules are satisfied). England fails to teach a description of the operation of the boot 
code being verified. However, Kozen teaches a description of the operation of the boot 
code being verified (Kozen, pages 2-3). At the time the invention was made, it would 
have been obvious to a person of ordinary skill in the art to utilize Kozen's method of 
verifying operation of a program because it offers the advantage of allowing ensuring 
that executable code downloaded from an untrusted source is safe to run (Kozen, page 
2). 

5. With regards to claims 2, 19, and 48, England as modified teaches verifying 
the security of the boot code includes verifying the boot code via Efficient Code 
Certification that specifies a process for performing the security check on the boot code 
as indicated by the certificate (Kozen, pages 2-3). 

6. With regards to claims 3, 20, and 49, England as modified teaches the 
certificate further indicates a type of security check to perform (England, column 7 lines 
18-46, component certificate, Kozen, pages 2-3). 

7. With regards to claims 4, 21, and 50, England as modified teaches the type of 

security check comprises one of a security check to enforce type safety, a security 
check to enforce flow control safety, a security check to enforce memory safety, a 
security check to enforce stack safety, a security check to enforce device encapsulation, 
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and a security check to enforce prevention of specific forms of harm (Kozen, page 3, 
control flow, memory, stack safety). 

8. With regards to claims 5, 22, and 51, England as modified teaches the boot 
code includes boot firmware (England, column 7 lines 40-45, boot block). 

9. With regards to claims 7, 24, and 53, England as modified teaches verifying 
the safety of the boot code occurs inline such that verifying the safety of the boot code 
occurs in real time prior to executing the boot code (England, column 9 lines 50-55, 
component is loaded if rules are satisfied). 

10. With regards to claims 8, 25, and 54. England as modified teaches the boot 
code includes a device driver to initialize a peripheral device and define an application 
program interface for accessing and controlling the peripheral device (England, column 
7 lines 35-47). 

11. Claims 2, 23, and 52 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over England US Patent No. 6,757,824 and Kozen "Efficient Code 
Certification," as applied to claim 1 above, and in further view of Rudoff et al US Patent 
No. 6,263,378 

12. With regards to claims 2, 23, and 52, England as modified fails to teach the . 
boot firmware conforms to the Open Firmware standard IEEE-1275. However, Rudoff 
teaches boot firmware conforming to the Open Firmware standard IEEE-1275 (Rudoff, 
Abstract). At the time the invention was made, it would have been obvious to a person 
of ordinary skill In the art to utilize RudofTs method of using IEEE 1275 because it offers 
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the advantage of providing facilities for both debugging hardware and software and 
provides an industry standard (Rudoff, column 3 lines 10-30). 

13. Claims 35-41 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
England US Patent No. 6.757.824 in view of Kozen "Efficient Code Certification" and 
Ong US PGPub 2004/0177258. 

14. With regards to claim 35, England as modified teaches all that is described 
above regarding claim 1, but fails to teaches a peripheral device having a memory 
module wherein the memory module stores a boot code and a certificate. However, 
Ong teaches a peripheral device having a memory module wherein the memory module 
stores a boot code and a certificate (Ong, paragraph 0025). At the time the invention 
was made, it would have been obvious to a person of ordinary skill in the art to utilize 
Ong's method of storing boot codes and certificates in a peripheral device because it 
offers the advantage of allowing the identification and verification of a peripheral 
component using its certificate to prove trust (Ong, paragraph 0028): 

15. Witli regards to claims 36, England as modified teaches verifying the security 
of the boot code includes verifying the boot code via Efficient Code Certification that 
specifies a process for performing the security check on the boot code as indicated by 
the certificate (Kozen, pages 2-3). 

16. With regards to claims 37, England as modified teaches the certificate further 
indicates a type of security check to perform (England, column 7 lines 18-46, 
component certificate, Kozen, pages 2-3). 
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17. With regards to claims 38, England as modified teaches the type of security 
check comprises one of a security check to enforce type safety, a security check to 
enforce flow control safety, a security check to enforce memory safety, a security check 
to enforce stack safety, a security check to enforce device encapsulation, and a security 
check to enforce prevention of specific forms of harm (Kozen. page 3. control flow, 
memory, stack safety). 

18. With regards to claims 39, England as modified teaches verifying the safety of 
the boot code occurs inline such that verifying the safety of the boot code occurs in real 
time prior to executing the boot code (England, column 9 lines 50-55. component is 
loaded if rules are satisfied). 

19. With regards to claims 40. England as modified teaches the boot code includes 
a device driver to initialize a peripheral device and define an application program 
interface for accessing and controlling the peripheral device (England, column 7 lines 
35-47). 

20. With regards to claim 41, England as modified teaches the peripheral device 
comprises one of a graphic device, network controller, and storage controller (Ong. 
paragraph 0025, stores sensitive data). 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Andrew L. Nalven whose telephone number is 571 272 
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3839. The examiner can normally be reached on Monday - Thursday 8-6. Alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1, The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Andrew Nalven / 





